[pve-devel] applied: [PATCH pve-access-control] fix #5190: access-control: openid acr format regex
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Feb 8 18:27:25 CET 2024
Am 06/02/2024 um 11:11 schrieb Gabriel Goller:
> Restrict the acr-value regex a little bit so as to align the behavior
> with PBS. The openid documentation says that the acr-value *should* be
> an URI [0]. Added a regex that loosely disallows some of the reserved URI
> characters specified in the RFC [1].
>
> Values like:
> * "urn:mace:incommon:iap:silver"
> * "urn:comsolve.nl:idp:contract:rba:location"
> SHOULD work, but values like:
> * "urn:#ace:incommon:iap:silver"
> * "urn:"omsolve.nl:idp:contract:rba:location"
> should NOT work.
>
> [0]: https://openid.net/specs/openid-connect-core-1_0.html
> [1]: https://www.rfc-editor.org/rfc/rfc2396.txt
>
> Signed-off-by: Gabriel Goller <g.goller at proxmox.com>
> ---
> src/PVE/Auth/OpenId.pm | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>
applied, thanks!
But I had to reword the commit message to actually mention the PBS fix,
I also moved the reference to the bug #5190 down in the commit message
body, as we do not fix that bug here so it doesn't make sense to state
so in the subject.
I also dropped the "access-control" tag from the commit subject, we're
already in the pve-**access-control** repo, so that's a given, see:
> Don't add tags for things that are already clear from context, for
> example, adding a qemu tag for a patch in the qemu-server repository
> has no use.
-- https://pve.proxmox.com/wiki/Developer_Documentation#Commits_and_Commit_Messages
More information about the pve-devel
mailing list